Especially for personal accounts.

I get why a corporation would require it for employees…

But I hate it when Apple, Samsung, etc. are forcing you to have 2fa, especially by requiring a phone number.

Side note: Bitwarden will be requiring email verification codes starting in February 2025, for those who haven’t enabled 2fa yet (see my post in YSK). Most people store their email credentials in their password vault… so a lot of people are gonna get locked out of their Bitwarden vaults. I kinda hate it, especially on such short notice (less than 10 days).

  • djsoren19
    2 days ago

    Necessary but evil. My workplace had a million headaches implementing an email-based 2fa system. So many automatic services blocking our emails, so many people who are tech illiterate who cannot understand 2fa, and all of their calls got sent to me and my team despite none of us having technical support experience. However, it has massively increased the security of our site, while allowing us to finally implement a way for people to unlock their own accounts if they do have too many unsuccessful login attempts. The juice is worth the squeeze.

    • thermal_shock@lemmy.world
      1 day ago

      Fully agree. One of my old passwords was leaked years ago in one of the many, many database breaches and it was used for Spotify and Steam. I got the MFA code for the Steam account email and was able to lock it down immediately.

      Now I use Bitwarden and all my passwords are random strings of 16 characters that I will never remember, nor care to. Good luck, hackers. And I have MFA set up where I’m able to.

      Sample password - 8rY2xD7fNjE#TH#ROM

      Teaching people and explaining why we have it is easy for me since I was almost a victim. After that, it’s easy.